Hello,

We need to install a firewall program to defend our Linux server from unauthorized access.

Specifically, we need to configure which ports and protocols are allowed from specific IP addresses or subnets and limit any other access.

What reliable open-source software is there with an easy to use web interface?

Thank you in advance,

David

You don't need to install anything, it's all there already. The system-config-security level contains a basic firewall configuration tool, or you can just directly edit /etc/sysconfig/iptables. I really wouldn't recommend a web interface for modifying firewall configurations.

Well, CentOS already comes with the standard GNU/Linux firewall, which is Netfilter. It also brings the standard configuration tool, iptables. So basically you'd want a Web-based front end to iptables. Something like Firewall Builder, perhaps?

Hi Chris,

Thank you for your prompt response.

I have a Gnome interface and through it, I accessed the firewall, but I disabled it, because what I could configure there is only the port and protocol, and not specific origins.

Do I need to re-enable the built-in firewall? How do I define security policies?

Thanks,

David

Really think you can define source IP's in the default tool... Hmm. Personally I'd just edit the config file directly, taking a few examples to get the syntax right. That's only my preference TBH though. As Winsux said, there are web interfaces if you really want one, and some are really quite advanced. It all comes back to iptables config files of varying compelxity though.

Note that Linux only ever has ONE firewall, NetFilter w/ IPTables. Everything else, i.e. clicky pointy tools, are just wrappers for making config files for NetFilter, in the form of IPTables commands to directly modify it.

I agree with everyone else. You're better off learning the command line tools and editing the files. Adding web access just increases the surface area and also extra rules in your rule set.